Include MAC and IP address in Threat Management screen columns

 
12 hours ago
Tags: #IDS/IPS
Model: OC300  
Hardware Version:
Firmware Version:

Under Insights > Threat Management, the columns available aren't very useful, at least for my use case. Adding a MAC address (for local clients) and IP address (source and destination ideally) option to the columns would help immensely. Ideally, these columns would also be sortable and searchable.

 

I use it to detect torrenting clients on the network, which is not allowed due to the difficulty in determining what is legal vs illegal activity on a network with 500 people. If I get a hit with "torrent" in the threat description or P2P in the category, I then have to open the hit and look at the IP address on it. Then I have to take that IP address to the Clients list and figure out what MAC address is associated with it. I need to look at the duration of the connection, and if it's outside of the present time (someone else had that IP address), then I have to go to the Past Connections screen and try that, but I can't just search the IP address, I have to search based on time, because the IP address field isn't searchable on the Past Connections screen. I then take that MAC address to the Hotspot page for the site, and look it up in the Authorized Clients page, which then finally gives me the account and therefore the name of the person so I can disable their accounts and unauthorize their devices per our organization's policies.

 

That's a lot of steps that can be significantly streamlined by just presenting the MAC address and IP address in columns on the threat management screen.

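The lookup chain described in the post above (threat hit, then IP, then whichever client held that IP at the time of the hit, then MAC, then hotspot account), written out as an added example that is not part of the original post and is not the controller's own code or API. All records, field names and helper names are constructed assumptions standing in for data copied out of the Threat Management, Clients / Past Connections and Authorized Clients screens.

```python
from datetime import datetime

# Constructed sample data; field names are assumptions, not a controller export format.
ALERTS = [
    {"time": "2024-05-01 09:15", "local_ip": "10.0.0.50",
     "category": "P2P", "description": "BitTorrent handshake"},
    {"time": "2024-05-01 14:40", "local_ip": "10.0.0.50",
     "category": "Misc", "description": "Torrent tracker announce"},
    {"time": "2024-05-01 15:00", "local_ip": "10.0.0.51",
     "category": "Scan", "description": "Port sweep"},
    {"time": "2024-05-01 16:00", "local_ip": "10.0.0.77",
     "category": "P2P", "description": "DHT ping"},
]
# Current and past connections merged into one list; end=None means still connected.
CONNECTIONS = [
    {"mac": "AA-AA-AA-00-00-01", "ip": "10.0.0.50",
     "start": "2024-05-01 08:00", "end": "2024-05-01 12:00"},
    {"mac": "BB-BB-BB-00-00-02", "ip": "10.0.0.50",
     "start": "2024-05-01 13:00", "end": None},
]
# Hotspot authorized clients: MAC -> account name.
AUTHORIZED = {"AA-AA-AA-00-00-01": "alice", "BB-BB-BB-00-00-02": "bob"}

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def is_p2p(alert):
    # Same filter the post describes: "torrent" in the description or P2P in the category.
    return "torrent" in alert["description"].lower() or "p2p" in alert["category"].lower()

def holder_of(ip, when, connections):
    """Return the MAC that held `ip` at time `when`, or None if no session covers it."""
    for c in connections:
        if c["ip"] != ip or ts(c["start"]) > when:
            continue
        if c["end"] is None or when <= ts(c["end"]):
            return c["mac"]
    return None

def attribute(alerts, connections, authorized):
    """One row per P2P hit: (time, local IP, MAC at that time, account)."""
    rows = []
    for a in filter(is_p2p, alerts):
        mac = holder_of(a["local_ip"], ts(a["time"]), connections)
        rows.append((a["time"], a["local_ip"], mac, authorized.get(mac)))
    return rows

if __name__ == "__main__":
    for row in attribute(ALERTS, CONNECTIONS, AUTHORIZED):
        print(row)
```

The two hits on 10.0.0.50 resolve to different MACs and accounts because the address changed hands between them, which is why matching on the hit time matters more than matching on the current holder of the IP.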